Secjuice Squeeze 71
Welcome to the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly curated for you every week. This week's volume was curated by Secjuice writers Tony Kelly, Andy74, Nishith K, Prasanna, Ross Moore, and Mars Groves.
403 forbidden bypass leads to HALL OF FAME
Hello hackers, hope you are doing well. Today we are talking about 403 forbidden bypass. I am trying to explain it in a simple way, and after that I will talk about some 403 bypass techniques. So without any delay, let’s get started.
Read more at infosecwriteups.com
Microsoft warns of critical PowerShell 7 code execution vulnerability
Microsoft warns of a critical .NET Core remote code execution vulnerability in PowerShell 7 caused by how text encoding is performed in .NET 5 and .NET Core.
Read more at bleepingcomputer.com
Telnet service left enabled and without a password on SIMATIC HMI Comfort Panels - The Record by Recorded Future
Siemens SIMATIC HMI Comfort Panels, devices meant to provide visualization of data received from industrial equipment, are exposing their Telnet service without any form of authentication, security researchers have discovered.
Read more at therecord.media
Mysterious Node.js malware puzzles security researchers - The Record by Recorded Future
Almost four months after it was first spotted in the wild, the infosec community is still scratching its head in regards to the purpose of a new malware strain named Lu0bot.
Read more at therecord.media
Android Apps with 5.8 million Installs Caught Stealing Users' Facebook Passwords
A total of nine Android apps with a combined install base of 5.8 million have been caught stealing Facebook passwords.
Read more at thehackernews.com
Critical Remote Code Execution Vulnerability in Dotnet Core for PowerShell. - CyberWorkx
Microsoft has urged Azure users to apply patches for a remote code execution vulnerability in .NET Core as used by PowerShell 7, caused by a text encoding operation in .NET 5 and .NET Core. Microsoft has said that there are no mitigations available to block exploitation of this vulnerability, tracked as CVE-2021-26701. “The vulnerable …
Read more at cyberworkx.in
Kaseya: Roughly 1,500 businesses hit by REvil ransomware attack
Kaseya says the REvil supply-chain ransomware attack breached the systems of roughly 60 of its direct customers using the company's VSA on-premises product.
Read more at bleepingcomputer.com
Kaspersky Password Manager: All your passwords are belong to us
Passwords generated by Kaspersky Password Manager were predictable (CVE-2020-27020).
Read more at ledger.com
DARPA makes hardware bug bounty platform open source - FedScoop
The agency hopes that the system will help white-hat hackers to spot flaws in chip designs.
Read more at fedscoop.com
Hackers demand $70 million to unlock businesses hit by sprawling ransomware attack
As many as 1,500 businesses were swept up in the “sophisticated cyberattack," according to the U.S. information technology firm Kaseya.
Read more at washingtonpost.com
Older workers are a secret weapon against cyber attacks
The value of employees who began their careers before the digital age is underestimated.
Read more at ft.com
The Republican National Committee said a third-party Microsoft IT contractor was breached in cyber attack last week, but no GOP data stolen
Russian government hackers breached Synnex, a third-party IT contractor that works with Microsoft, last week, around the same time a major ransomware attack was tied to a Russian-linked criminal group.
Read more at businessinsider.com
Leveraging Burp Suite extension for finding HTTP Request Smuggling.
HTTP Request Smuggling is often left behind in bug bounty findings. But with the right extension, you can automate the task of finding HTTP...
Read more at infosecwriteups.com
API Security 101: Broken User Authentication
How attackers hack API authentication. Are you who you say you are?
Read more at shiftleft.io
All about Password Reset vulnerabilities
Bug bounty approach for finding bugs in password reset function.
Read more at infosecwriteups.com
Why Cybersecurity Has Become Even More Challenging for Law Firms | Legaltech News
Law firms can't afford to treat cybersecurity as an afterthought, especially with clients paying even more attention to how attorneys go about protecting their sensitive and highly confidential business information.
Read more at law.com
Western Digital Users Face Another RCE
Say hello to one more zero-day and yet more potential remote data death for those who can’t/won’t upgrade their My Cloud storage devices.
Read more at threatpost.com
Dozens of Vulnerable NuGet Packages Allow Attackers to Target .NET Platform
Researchers have identified dozens of critically vulnerable NuGet packages that are being actively exploited by attackers.
Read more at thehackernews.com
Cloud Cryptomining Swindle in Google Play Rakes in Cash
At least 25 apps have lured in tens of thousands of victims with the promise of helping them cash in on the cryptomining craze.
Read more at threatpost.com
Kaspersky Password Manager caught out making easily bruteforced passwords | ZDNet
If you are using Kaspersky Password Manager, you might want to regenerate any password created before October 2019.
Read more at zdnet.com
Params — Discovering Hidden Treasure in WebApps
Hey guys!! What's going on? I was thinking of tweeting about parameter discovery in web apps lately.
Read more at medium.com
The Kaseya Ransomware Attack Is a Really Big Deal
If you’re not already paying attention to the Kaseya ransomware incident, you should be.
Read more at lawfareblog.com
Hunting for Phishing Links Using Sysmon and KQL
In this post, I’ll explain how to perform threat hunting for detecting phishing links using Sysmon and KQL.
Read more at bluraven.io
3 telltale signs the Active Directory has been compromised
The transition to remote and hybrid working models has led to an attack surface that is more dynamic than ever.
Read more at dqindia.com
Searching with Shodan
When it comes to IoT or other online devices, there are quite a lot of options to investigate them.
Read more at osintcurio.us
Microsoft's Emergency Patch Fails to Fully Fix PrintNightmare RCE Vulnerability
Microsoft's latest emergency patch update for Windows Print Spooler PrintNightmare RCE vulnerability fails to fully fix the issue.
Read more at thehackernews.com
Vulnerability Spotlight: Information disclosure, privilege escalation vulnerabilities in IOBit Advanced SystemCare Ultimate
Cisco Talos recently discovered multiple vulnerabilities in IOBit Advanced SystemCare Ultimate.
Read more at talosintelligence.com
Hancitor Making Use of Cookies to Prevent URL Scraping | McAfee Blogs
Like Emotet, Hancitor can send malspam to spread itself and infect as many users as possible. Hancitor’s main purpose is to distribute other malware such as FickerStealer, Pony, Cobalt Strike, Cuba Ransomware and Zeppelin Ransomware. The dropped Cobalt Strike beacons can then be used to move laterally around the infected environment and also to execute other malware such as ransomware.
Read more at mcafee.com
Magecart Hackers Hide Stolen Credit Card Data Into Images for Evasive Exfiltration
Magecart hackers encode stolen credit card information into images for evasive data exfiltration.
Read more at thehackernews.com
The FBI's Fake Encrypted Honeypot Phones Are Showing Up Online
ANOM, which was used by the bureau to ensnare droves of criminals throughout the world, is now weirdly being sold on the secondary market.
Read more at gizmodo.com
Pentesting an IOT Based Biometric Attendance Device
IoT devices are often misconfigured by vendors and may open the door for anyone to access sensitive data. In this case, the IoT device not only leaked all the user information but also allowed anyone to access or bypass the access control mechanism.
Read more at pentestmag.com
Letting Businesses ‘Hack Back’ Against Hackers Is a Terrible Idea, Cyber Veterans Say
Companies shouldn’t be allowed to strike back against hackers, cybersecurity specialists and former government officials warned, after senators last week introduced legislation floating the idea of such counterattacks.
Read more at wsj.com
What you can learn by solving OSINT challenges?
I have completed all the OSINT challenges on HTB, and here’s what I have learned.
Read more at infosecwriteups.com
Analysing YouTube geolocation data with ‘YouTube Geolocation’ | OS2INT
In this OSINT Tool Review, we look at an awesome tool that enables Digital Investigators to extract and analyse YouTube geolocation data.
Read more at os2int.com